T-Soft E-Commerce 4 – change ‘admin credentials’ Cross-Site Request Forgery (CSRF)
>> TAG: #0day
T-Soft E-Commerce 4 – change ‘admin credentials’ Cross-Site Request Forgery (CSRF)
Church Management System 1.0 – ‘search’ SQL Injection (Unauthenticated)
WordPress 5.7 – ‘Media Library’ XML External Entity Injection (XXE) (Authenticated)
Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated)
Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
Budget and Expense Tracker System 1.0 – Authenticated Bypass
WordPress Plugin WooCommerce Booster Plugin 5.4.3 – Authentication Bypass
Library Management System 1.0 – Blind Time-Based SQL Injection (Unauthenticated)
Simple Attendance System 1.0 – Authenticated bypass
ImpressCMS 1.4.2 – Remote Code Execution (RCE) (Authenticated)